FinCEN Starts E-Filing of New CTR and SAR Forms
Mandatory Use of New Forms Soon to Follow

The Financial Crimes Enforcement Network (FinCEN) announced on March 29, 2012, that it is now accepting the new Currency Transaction Report (CTR) and Suspicious Activity Report (SAR) forms for filing on the BSA E-Filing System. Financial institutions may continue to use existing forms until July 1, 2012, at which point all CTR and SAR reports must be filed electronically. Though the newly released CTR and SAR forms contain new and expanded lists of data elements, FinCEN emphasized that the new forms do not change existing statutory and regulatory obligations.

New features and data elements in the recently released CTR and SAR forms include:

  • Fields related to the subject’s Internet presence, such as “e-mail address” and “website (URL) address”
  • A more limited number of characters to create a SAR Narrative, though this is somewhat offset by the added ability to attach spreadsheets that the institution believes would be useful to law enforcement
  • A North American Industry Classification System (NAICS) code field
  • An “auto-populate” feature that allows an institution to avoid the time of re-entering duplicative information

FinCEN strongly recommends that institutions begin to file electronically before the July 1, 2012, mandate takes effect. The new CTR and SAR forms are available through the BSA E-Filing System and must be submitted electronically.

FinCEN’s new CTR and SAR forms are designed to accommodate all industries subject to filing requirements. Thus, the new forms are intended to replace FinCEN Form 104 (CTR), FinCEN Form 103 (CTR by Casinos), and all of the industry-specific SARs (TD F 90-22.47, FinCEN Form 101, FinCEN Form 102, and FinCEN Form 109).

We note that in February 2012, FinCEN rolled out its final rule imposing many of the Bank Secrecy Act requirements on non-bank mortgage lenders and originators (RMLOs). In doing so, FinCEN stated that it intended to establish a uniform electronic form for the filing of SARs, and that RMLOs would be required to use FinCEN's electronic, Web-based E-Filing system, which was then under development, for the filing of the uniform SAR form. Now that the system has been implemented, RMLOs can register and familiarize themselves with the new forms in advance of the August 13, 2012, compliance date.

FinCEN also announced an upcoming change regarding the timeframe in which financial institutions must file a CTR. Starting April 1, 2013, a CTR must be filed within 15 days of the triggering transaction. This marks a significant change from the current 25-day compliance period.

Beth Moskow-Schnoll

FTC Outlines Best Practices in Final Privacy Report

The Federal Trade Commission is urging companies that collect and use consumer data to adopt the best practices described in its recently released final report on privacy titled “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policy Makers.”

The FTC’s report follows closely on the heels of the Obama administration’s recently released white paper on consumer privacy that urged Congress to enact legislation creating a “Consumer Privacy Bill of Rights.” (For more on the administration’s report, see our March 14, 2012, legal alert.)

Referring to the best practices as a “privacy framework,” the FTC states in the report that it intends the framework not only to guide companies in the development of self-regulatory measures but also to “assist Congress as it considers privacy legislation.” Citing the need for clear standards and “adequate legal incentives” such as civil penalties and other remedies to deter companies from cutting corners on consumer privacy, the FTC calls on Congress to consider enacting technologically neutral and flexible baseline privacy legislation.

The FTC also reiterates its call for federal data security legislation and voices its support for legislation that would provide consumers with access to information about them held by data brokers. At the same time, the FTC indicates that “to the extent the framework goes beyond existing legal requirements,” the FTC does not intend to use the framework “as a template for law enforcement actions or regulations” under laws currently enforced by the FTC.

The framework is intended to apply to all commercial entities that collect (online or offline) or use consumer data that reasonably can be linked to a specific consumer, computer, or device. While generally adopting the framework proposed by the FTC in 2010, the final report would exclude companies that collect or use only non-sensitive data (e.g., data that is not a Social Security number or financial, health, children’s, or geolocation information) from fewer than 5,000 individuals per year and do not share the data with third parties. It also includes steps a company can take to “de-identify” data so that it would not be considered “reasonably linkable.”

The framework consists of the following best practices:

Privacy By Design
Companies should (1) incorporate substantive privacy protections into their everyday business practices, such as data security, reasonable limits on collection and retention, and data accuracy, and (2) maintain comprehensive data management procedures covering the entire life cycle of their products and services. The report includes a “data collection and disposal case study” focused on concerns raised by mobile devices.

Simplified Consumer Choice
Companies should provide easy-to-use choice mechanisms that allow consumers to control whether their data is collected and how it is used. However, companies need not offer choice before collecting and using data for practices that are (1) consistent with the context of the interaction between the company and consumer, or (2) required or specifically authorized by law. Examples of such practices include product and service fulfillment, fraud prevention, internal operations, legal compliance, and public purpose. The report includes a discussion of when the use of data in first-party marketing would meet the consistency standard as well as the permissibility of a “take-it-or-leave-it” approach to choice. Choice, when required, should be offered at a time and in a context that is relevant to the consumer’s decision about whether to allow data collection or use (which would typically be before or at the time of collection). Affirmative express consent should be obtained before a company uses consumer data in a way that is materially different from that claimed at the time of collection or when collecting sensitive data for certain purposes.

Privacy notices should be clearer, shorter, and more standardized. The report raises the particular challenges associated with providing notice in the mobile context and notes that mobile privacy disclosures will be among the topics addressed at a workshop the FTC has scheduled for May 30, 2012, on advertising disclosures in online and mobile media. At a minimum, companies should offer consumers reasonable access to the types of consumer data they maintain about them and the data’s sources, and, when warranted by the data’s use or sensitivity, provide access to individualized data and correction rights. All stakeholders—businesses, industry trade groups, consumer groups, and government—should increase their efforts to educate consumers about data privacy practices.

Although it appears the FTC does not intend to use the framework as a basis for bringing enforcement actions, the FTC plans to promote voluntary implementation of the framework by industry through its policymaking efforts.

The five main areas on which the FTC will focus those efforts are:

  • Development by industry of “an easy-to-use, persistent, and effective Do Not Track system” that consumers can use to control the tracking of their online activities
  • Improvement by providers of mobile services of existing privacy protections for such services, including the development of “short, meaningful disclosures” for mobile services
  • Creation by data brokers of a centralized website on which brokers would identify themselves to consumers, describe how they collect and use consumer data, and explain what rights consumers have to access data and make choices
  • Further study of privacy and other issues relating to the tracking of consumer online activity by large platform providers
  • Encouraging the development by industry stakeholders of sector-specific, self-regulatory codes while enforcing the FTC Act “against companies that engage in unfair or deceptive practices, including the failure to abide by self-regulatory programs they join”

- Barbara S. Mishkin



Maryland Foreclosure Statutes Survive Constitutional Challenge

In a decision that is good news for mortgage lenders and servicers, a Maryland appellate court has upheld the constitutionality of recent amendments to Maryland’s foreclosure statutes that retroactively cured defects in certain mortgage instruments.

In Svrcek v. Rosenberg, decided March 29, 2012, the Maryland Court of Special Appeals cleared the way for mortgage lenders and servicers to foreclose under the powers of sale in scores of deeds of trust recorded in Maryland’s land records during the mid-2000s, notwithstanding the fact that the deed of trust named corporations or other business entities as trustees rather than national persons.

Maryland law has long provided that only a natural person—as opposed to a corporation or other business entity—may foreclose under a power of sale in a deed of trust. Despite this, during the residential mortgage financing boom in the mid-2000s, certain originating lenders nonetheless named corporations and other entities as trustees on untold numbers of Maryland deeds of trust.

Borrowers seeking to stave off foreclosure seized on the issue, claiming that deeds of trust naming corporations were “void” under Maryland law. Some local courts ruled that lenders may not replace corporate trustees with natural persons. This meant that lenders could not foreclose under the power of sale, but instead had to proceed under alternate procedures, which were more time-consuming and burdensome for lenders.

In 2010, the Maryland legislature amended Maryland’s real property statutes to clarify that deeds of trust naming corporate trustees were not “void” and to permit lenders to replace corporate trustees with natural persons. The legislature made the amendments apply retroactively to any deed of trust recorded in the land records prior to June 1, 2010, effectively curing the problem.

In response to the amendments, borrowers filed lawsuits challenging the constitutionality of the amendments on the theory that the retroactive application of the amendment deprived them of “vested property rights.” In Svrcek, the Maryland appellate court rejected this argument, and upheld the retroactive application of the amendments. The court ruled that the code amendments merely permitted the lender to exercise a right that the borrower voluntarily granted to the lender at the time the deed of trust was signed. Therefore, the court found that the amendments did not deprive the borrower of any rights.

Ballard Spahr’s litigators have successfully defended mortgage lenders and servicers in dozens of similar cases, including actions involving attacks on the validity of Maryland deeds of trust that appointed corporations as trustees.

- Robert A. Scott



JOBS Act Eases Raising of Private Capital

Despite its acronym, the JOBS Act is not really about jobs, but rather a law about capital markets, as its full name—the Jumpstart Our Business Startups Act—clearly suggests. By significantly altering some of the federal securities laws, it was designed to make it easier for companies to raise private capital, to remain private longer, and to go public.

Ballard Spahr’s Securities Group published an alert summarizing the JOBS Act. It provides a quick overview of the law’s key provisions in bullet-point format, followed by a more in-depth discussion of the specific ways in which the JOBS Act amends the Securities Act of 1933 and the Securities Exchange Act of 1934, and the exceptions it carves out for certain companies from the requirements of the Sarbanes-Oxley Act and the Dodd-Frank Act.

Today the Securities Group published a second alert, SEC Issues First Guidance on JOBS Act, which focuses on the SEC’s recently published Frequently Asked Questions, or FAQs, providing guidance on implementation of the JOBS Act.

Our Securities Group will continue to monitor the JOBS Act as the law takes shape with implementing regulations from the Securities and Exchange Commission. If you have questions about the law, please contact one of the group’s three practice leaders: Justin P. Klein at 215.864.8606 or, Gerald J. Guarcini at 215.864.8625 or, or Mary J. Mullany at 215.864.8631 or



Confidentiality Agreements in the Context of M&A Transactions
Guest column from members of our Mergers and Acquisitions/Private Equity Group

Before parties perform due diligence, agree to a term sheet, or even enter into initial discussions regarding a potential merger or acquisition, they should discuss the terms of a confidentiality agreement in order to protect their sensitive or proprietary information. Depending on the type of transaction, confidentiality agreements may vary to accommodate the specific facts and circumstances of a deal.

What and When?
The parties should sign a confidentiality agreement prior to disclosing any confidential information. If conversations progress rapidly, before a confidentiality agreement is signed, the confidentiality agreement should specify that it will also cover prior disclosures.

If only one party is disclosing confidential information to the other party, a unilateral confidentiality agreement is usually appropriate, while if both parties are sharing confidential information, a mutual agreement is appropriate. Unilateral confidentiality agreements are typically seen in M&A transactions in which the purchase price is payable entirely in cash where a buyer does not share confidential information, while mutual confidentiality agreements are used for joint ventures or M&A transactions involving equity where both parties share confidential information. Even though the buyer in an all-cash transaction may not initially be sharing confidential information, the buyer may, in the future, share confidential information, or may want specific deal terms, or even the fact that negotiations are taking place, to be kept confidential. Given these additional considerations, the parties may find it more efficient to enter into a mutual confidentiality agreement from the outset.

Variations for Buyers and Sellers
Even in a mutual confidentiality agreement, there can be an inherent tension between the interests of the party sharing the majority of the confidential information and the party receiving it.

A seller—who will typically be sharing the bulk of the confidential information about its business and operations—will want the definition of what is considered confidential to be as broad as possible to ensure that all of the information it shares about its business and operations is protected, especially in the event that the deal does not close. A buyer—typically the recipient of the bulk of the confidential information and responsible for protecting that information—will want the definition and identification of confidential information to be as specific as possible to avoid confusion as to what information is considered confidential.

A buyer will want the restrictions on its use of the confidential information to be as limited as possible, as a buyer will want to share that information with its advisers and representatives, while a seller will want to limit the dissemination of its information.

The term of a confidentiality agreement may also vary from a few months from the date of the first disclosure to indefinitely. The party disclosing the confidential information typically wants the confidentiality agreement—and its protections—to survive indefinitely, or until the information has entered the public domain. The party receiving most of the information will want the confidentiality agreement to have a set termination date, so that it can be released from its obligations and any potential liability for breach of those obligations.

A seller, if it is concerned about a buyer soliciting its employees, customers, or suppliers, can include a non-solicitation term in the confidentiality agreement restricting the buyer from taking the foregoing actions.

A buyer, who may spend a substantial amount of time and money evaluating a transaction, may want to protect such investment from other third parties who also may be interested in acquiring the seller in whole or in part by requiring an exclusivity clause in the confidentiality agreement. This exclusivity clause prevents the seller from approaching other potential buyers in connection with such a transaction. Sellers typically object to long and prohibitive exclusivity provisions. These exclusivity provisions are often included in a separate agreement or a term sheet, rather than a confidentiality agreement.

Considerations for M&A Transactions Involving Public Companies
When a deal involves a public company, confidentiality agreements may include a standstill agreement, which restricts the buyer, typically for one year, from making unsolicited bids on the seller in an effort to thwart a hostile takeover attempt. The confidentiality agreement must also qualify for the confidentiality exception of Regulation FD under the Securities Exchange Act of 1934 to permit a public company to disclose material, non-public information to certain people. Finally, when the seller is a public company, a confidentiality agreement may contain a provision that the buyer and its representatives may not buy or sell the seller’s securities if they have material, non-public information.

While a party can try to enforce a confidentiality agreement against a breaching party in a court of law, there are limitations on the effectiveness of available remedies. Once confidential information has been released into the public domain, it is very difficult to reclaim it, even with an injunction. Given the speed at which information is spread and how easy it is to access information on the Internet, the damage has often already been done by the time an injunction is granted.

When a party seeks damages for breach of confidentiality under a breach of contract theory, those damages are typically difficult to quantify, especially when the confidential information has future value, as well as present value. For these reasons, if a buyer or seller has extremely sensitive information, or information that is vital to its business, or if the parties are direct competitors with one another, the disclosing party may want to implement additional controls to protect its confidential information. For example, a party could redact or share only a portion of its confidential information or a party could use features of a data room, such as permitting a party to view a document, but not download or print it until the seller becomes sufficiently confident that a definitive purchase agreement memorializing the proposed transaction will be executed by the parties.

Ballard Spahr’s Mergers and Acquisitions/Private Equity Group has extensive experience drafting and negotiating confidentiality agreements on behalf of its clients, who represent both buyers and sellers. For further information, please contact Craig Circosta at 215.864.8520 or

Nebraska Sales Finance Companies To Be Licensed through the NMLS

As part of the ongoing expansion of the Nationwide Mortgage Licensing System (NMLS) beyond the mortgage industry, Nebraska Sales Finance Companies will be licensed through the NMLS beginning in 2013. The Nebraska legislature recently amended the Installment Sales Act to require licensing through the NMLS by the later of January 1, 2013, or 180 days after the NMLS is capable of accepting Sales Finance Company Licenses. Per the amended statute, Nebraska Sales Finance Company Licensees may be subject to certain requirements that have become standard for other NMLS-regulated entities, such as fingerprint criminal background checks, credit history checks, pre-license education and testing, and continuing education.

- Reid F. Herlihy

Copyright © 2012 by Ballard Spahr LLP.
(No claim to original U.S. government material.)






All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.

This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.